Date: Thu, 04 Jan 2001 16:22:01 +0000 From: Paul Richards <paul@freebsd-services.co.uk> To: Dag-Erling Smorgrav <des@ofug.org> Cc: Mark Murray <mark@grondar.za>, Paul Richards <paul@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/pkg_install/update pkg_update.pl Message-ID: <3A54A329.3A84087F@freebsd-services.co.uk> References: <xzp8zorla59.fsf@flood.ping.uio.no> <200101041509.f04F9kY06526@gratis.grondar.za> <xzp3dezl2gm.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smorgrav wrote: > > Mark Murray <mark@grondar.za> writes: > > > > $file not be what you expect, particularly should $file turn out to be > > > > "+REQUIRES" since ">+" is a valid open mode. > > > This would not be a problem if you used sysopen() instead of open(). > > Even better - properly sanitise $file using taint-like checking. Taint wouldn't actually solve this problem, since + is a valid part of the filename. > This is a crutch, not a cure. The fundamental problem here is that > open() mixes information about the type of operation to perform with > the name of the file on which to perform that operation - which is > very poor API design. My advice is to use sysopen() consistently > except for these two cases: open(PIPE, "-|") and open(PIPE, "|-"). sysopen() is not portable, it is a wrapper to the underlying OS open() call and as such you have to know what the OS file modes are. Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A54A329.3A84087F>